diff --git a/internal/api/config_handlers.go b/internal/api/config_handlers.go index 6042d2d..e5f38d7 100644 --- a/internal/api/config_handlers.go +++ b/internal/api/config_handlers.go @@ -3219,23 +3219,25 @@ if grep -q "pulse.lan\|pulse.home\|192.168" <<< "%s"; then : fi -echo "⚠️ SECURITY NOTICE" +echo "📊 Temperature Monitoring" echo "" -echo "Temperature monitoring requires SSH access from Pulse to this node." -echo "This creates the following security considerations:" +echo "Temperature monitoring collects CPU and drive temperatures via SSH." echo "" -echo " • SSH private keys will be stored on the Pulse server" -echo " • If Pulse runs in a container (LXC/Docker), keys live inside it" -echo " • Compromised Pulse = potential access to Proxmox hosts" +echo "Security Architecture:" +echo " • SSH key authentication (industry standard, used by Ansible/Terraform)" +echo " • Forced command restriction (only 'sensors -j' can execute)" +echo " • No port forwarding, X11, PTY, or agent forwarding allowed" echo "" -echo "Mitigations in place:" -echo " • Forced command restriction (only 'sensors -j' can run)" -echo " • No port forwarding, X11, or PTY allocation" +echo "For containerized Pulse (LXC/Docker):" +echo " • SSH keys stored on Proxmox host (not inside container)" +echo " • pulse-temp-proxy service manages connections securely" +echo " • Container compromise does not expose SSH credentials" echo "" -echo "This is a legacy feature. Future versions will use agent-based" -echo "architecture where nodes push metrics to Pulse (more secure)." +echo "For native Pulse installations:" +echo " • SSH keys stored in Pulse service user's home directory" +echo " • Standard key-based authentication with forced commands" echo "" -echo "Do you want to enable temperature monitoring? [y/N]" +echo "Enable temperature monitoring? [y/N]" echo -n "> " ENABLE_TEMP_MONITORING="n"